CVE-2023-42807

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

F

rappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.

References

Link	Resource
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63	Third Party Advisory
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*

History

03 Oct 2025, 17:36

Type	Values Removed	Values Added
CPE	cpe:2.3:a:frappe:frappe_lms::::::::	cpe:2.3:a:frappe:learning::::::::
First Time		Frappe learning

21 Nov 2024, 08:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 6.3
References	~~() https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63 - Third Party Advisory~~	() https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63 - Third Party Advisory

Information

Published : 2023-09-21 17:15

Updated : 2025-10-03 17:36

NVD link : CVE-2023-42807

Mitre link : CVE-2023-42807

CVE.ORG link : CVE-2023-42807

JSON object : View

Products Affected

learning

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-42807", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-21T17:15:23.950", "references": [{"url": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app."}, {"lang": "es", "value": "Frappe LMS es un sistema de gesti\u00f3n de aprendizaje de c\u00f3digo abierto. En las versiones 1.0.0 y anteriores, en la P\u00e1gina Personas de LMS, hab\u00eda una vulnerabilidad de inyecci\u00f3n SQL. El problema se ha solucionado en la rama \"principal\". Los usuarios no enfrentar\u00e1n este problema si usan la \u00faltima rama principal de la aplicaci\u00f3n."}], "lastModified": "2025-10-03T17:36:07.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D8A113-A3FD-431D-90F7-087B69F41060", "versionEndIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}